BIND9-SETUP Chroot Bind9 INSTALL for FreeBSD 5.2

This doesn't really go into detail on setting up your named.conf or the forward and reverse zones for your domains, but it's a quick way to get bind9 up and running. Our chroot directory is set up in /chroot; you can make modifications if needed. Most Linux users might prefer the /var directory. The best, most secure and redundant setup is to have another drive that just stores the DNS database, and if you run other services in chroot that is also ideal. If you're going to set up on a separate drive, make sure you add the HDD and/or directory to your /etc/fstab.

A. Install Bind 9 from the ports collection.

1. cd /usr/ports/net/bind9
   make install clean --sysconfdir=/etc/namedb

B. Create and prepare the chroot directories. I hope you read the docs; if you don't get errors now, you will later when you reboot, so RTFM!

1. mkdir -p /chroot/named/etc/namedb
2. mkdir -p /chroot/named/dev
3. mkdir -p /chroot/named/var
4. cd /chroot
5. chown -R bind:bind named
6. chmod 700 named
7. cp /etc/localtime /chroot/named/etc
8. cp /etc/namedb/named.root /chroot/named/etc/namedb/
9. cd /chroot/named/dev
10. mknod zero c 2 12
11. mknod random c 249 0
12. mknod null c 2 2
13. chmod 666 zero random null

C. Remove the /etc/namedb directory in etc and create a symbolic link to the copy inside the chroot

1. cd /etc
2. mv namedb namedb.old
3. ln -s /chroot/named/etc/namedb .
4. Create a key for rndc using rndc-confgen. Make sure the key in /usr/local/etc/rndc.conf is the same as in your chroot environment; use the same key in named.conf.
   rndc-confgen -r /dev/random > /usr/local/etc/rndc.conf
5. chmod 700 /usr/local/etc/rndc.conf
6. Disable the Bind8 install during make installworld by putting this in /etc/make.conf:
7. echo NO_BIND=true >> /etc/make.conf
8. Last, from your terminal run the below, or add everything below the cat <

D. Start DNS Services

1. /usr/local/sbin/named -u bind -t /chroot/named -c /etc/namedb/named.conf
2. Restart syslogd with new parameters:
   killall syslogd
3. syslogd -s -l /chroot/named/dev/log

The named.conf file should look like this for a plain basic setup; there is also an in-addr.arpa zone for your reverse DNS and a yourdomain.com or .net zone, whatever your FQDN is. For more custom configs, read the docs:
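Once the steps above are done, the following script (an added example, not part of this HOWTO) checks that the chroot was built the way steps B and C describe: ownership and mode of /chroot/named, the device nodes, the /etc/namedb symlink, the rndc secret matching the chroot's named.conf, and NO_BIND in make.conf. The CHROOT, RNDC_CONF, NAMEDB_LINK, MAKE_CONF and NAMED_USER variable names are my own, with the page's paths as defaults.

```sh
#!/bin/sh
# Post-install check for the chroot layout built in steps B and C.
# Paths default to the ones used on this page; override via the
# CHROOT, RNDC_CONF, NAMEDB_LINK, MAKE_CONF and NAMED_USER variables.
# Prints one line per problem found and returns the problem count.
check_named_chroot() {
    root="${CHROOT:-/chroot/named}"
    rndc="${RNDC_CONF:-/usr/local/etc/rndc.conf}"
    link="${NAMEDB_LINK:-/etc/namedb}"
    mkconf="${MAKE_CONF:-/etc/make.conf}"
    owner="${NAMED_USER:-bind}"
    n=0
    # B.5/B.6: top of the chroot owned by the unprivileged user, mode 700
    [ "$(ls -ld "$root" 2>/dev/null | awk '{print $3}')" = "$owner" ] \
        || { echo "$root is not owned by $owner"; n=$((n+1)); }
    [ -n "$(find "$root" -maxdepth 0 -perm 700 2>/dev/null)" ] \
        || { echo "$root is not mode 700"; n=$((n+1)); }
    # B.7/B.8: timezone file and root hints must live inside the chroot
    [ -f "$root/etc/localtime" ] || { echo "missing $root/etc/localtime"; n=$((n+1)); }
    [ -f "$root/etc/namedb/named.root" ] \
        || { echo "missing $root/etc/namedb/named.root"; n=$((n+1)); }
    # B.10-B.13: device nodes named needs, world read/write (mode 666)
    for d in zero random null; do
        [ -c "$root/dev/$d" ] || { echo "missing device $root/dev/$d"; n=$((n+1)); continue; }
        [ -n "$(find -L "$root/dev/$d" -maxdepth 0 -perm -666 2>/dev/null)" ] \
            || { echo "$root/dev/$d is not mode 666"; n=$((n+1)); }
    done
    # C.3: /etc/namedb must be a symlink into the chroot, not a stale directory
    [ "$(readlink "$link" 2>/dev/null)" = "$root/etc/namedb" ] \
        || { echo "$link is not a symlink to $root/etc/namedb"; n=$((n+1)); }
    # C.4/C.5: rndc.conf private (mode 700) and its secret present in named.conf
    [ -n "$(find "$rndc" -maxdepth 0 -perm 700 2>/dev/null)" ] \
        || { echo "$rndc is missing or not mode 700"; n=$((n+1)); }
    secret=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$rndc" 2>/dev/null | head -n 1)
    if [ -z "$secret" ] || ! grep -qF "$secret" "$root/etc/namedb/named.conf" 2>/dev/null; then
        echo "rndc secret from $rndc not found in $root/etc/namedb/named.conf"; n=$((n+1))
    fi
    # C.7: keep the base-system BIND 8 disabled for future installworld runs
    grep -q '^NO_BIND=' "$mkconf" 2>/dev/null || { echo "NO_BIND not set in $mkconf"; n=$((n+1)); }
    return "$n"
}
```

Run it as root after step D; a zero exit status means every item the HOWTO asked for is in place, and each non-zero count is one thing to go back and fix before trusting the jail.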